It’s not enough to just have a plan
Decision-making and deployment
Once your cyber security incident response plan has been deployed, it’s all too easy to fall into complacency. But an effective cyber security incident response plan is an ongoing effort, evolving as your business changes and grows.
Does it work in the real world?
Of course, the best laid plans may not prosper, but you won’t really know that until you’ve tested them. You must play out real-world scenarios and make sure your cyber security incident response plan has the mettle for them. Don’t let overconfidence lull your team into complacency. Get testing!
Ensuring that your internal network and externally-facing company assets are secure is a priority. But to truly understand just how easy – or hopefully difficult! – it can be to gain access to these, you’ll need to conduct vulnerability testing. Vulnerability assessments function as problem-spotting programmes, identifying potential threats to your business, the risks they pose, and any loopholes in your networks. Use the results of your vulnerability assessment to update and enhance your cyber security incident response plan.
Real world scenario testing
Simulating a cyber attack, so that you can be sure of your company’s ability to respond, is a must. Consider these simulations as important as fire drills and office evacuation exercises. We recommend three levels of testing for your company’s internal teams:
- Executive level testing: At this level, your executive team, management, and public relations teams must know what to do and how to respond to every possible scenario. A cyber security incident is not just a technical problem; it can become a communications crisis too.
- Response team testing: Your IT department and its service providers will be first to the front when a cyber attack compromises the integrity of your business’ digital assets. How quickly do they respond, and who is responsible for ensuring every policy and procedure is followed?
- End user testing: You may think that your data capturing team, call centre agents, and secretaries have a minor role to play in a cyber security incident response plan. You’d be wrong. The people who work at the front line of your business are an important part of your response mechanisms, and play an even greater role in managing queries, helping customers understand the effects of a cyber attack, and communicating how your company is responding to one. Skipping this level of testing would be very foolish indeed.
Debrief and decide
Here’s the big thing: cyber security incidents happen. Accidents happen. Slip-ups happen. Being prepared for them, taking ownership of them, and then resolving any problems that may have occurred as a result of a cyber security incident must be the priority. Debriefing your team after testing your cyber security incident response plan will give you great insight into how it rolls out on the floor of your business. Insights from your teams at the coalface can help you improve your response at every level of your business. Debrief, make decisions, and then improve your cyber security incident response plan as you need to.
At ProPrivacy, we help companies like yours gear up for the battle of ensuring they stay secure. Get in touch and we’ll help you test your cyber security incident response plan.